Response to Amendment

1. This is in response to an amendment filed on March 21st, 2005. In the amendment, claims
1, 20 and 31 have been amended, claims 14 and 15 have been canceled, and claims 14, 15, 22,
23, 35 and 37 have been added. Claims 1-13, 16-19, 20, 21, 24-34, 36, 38-41 remain pending in
the letter.

Response to Arguments 

2. Applicant's arguments with respect to claims 1-13, 16-19, 20, 21, 24-34, 36, 38-41 have 
been considered but are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC §103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

4. Claims 1-13 and 16-19 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Funk (U.S. Patent No. 5,721,779) in view of Keene et al (U.S. PG Pub No. 2004/0049294) in 
further view of Carter (U.S. Patent No. 6,760,843). 



5. As per claim 1, Funk teaches a method of administering access and security on a network 
having a plurality of computers comprising installing a one-way encrypted password file on each
computer of the plurality of computers in the network, wherein the encrypted password file
includes a plurality of user identifications, associated encrypted passwords and associated 
privileges for each authorized user allowed access to the plurality of computers and the network, 
a password entered by a user when the user logs into a computer of the plurality of computers on 
the network, checking for a match between the user identification and encrypted password 
entered by the user and the plurality of user identifications and encrypted passwords stored in the 
encrypted password file, enabling access to data and software contained on the computer and the 
network permitted by the associated privileges for the user when a match is found on the 
encrypted password file (see abstract, fig 2, column 4 lines 3-6 line 49). Funk fails to teach a
filtering and displaying messages to the user permitted by the associated privileges when a match 
is found on the encrypted password file. However, Keene et al teach filtering and displaying 
messages to the user permitted by the associated privileges when a match is found on the 
encrypted password file (see paragraph 007). Therefore, it would have been obvious to one of
ordinary skill in the art at the time the invention was made to modify the inventive concept of 
Funk to include Keene et al's filtering and displaying messages to the user permitted by the 
associated privileges when a match is found on the encrypted password file because this would 
have provided controlled access to shared objects and documents in a database among approved 
users by individually defining the scope of their access to the data contained therein thereby 
displayed to the user as a document file having a redacted document, blocking out the 
information that the user is not privileged to see. The combination of Funk and Keene et al fail to 
teach an inventive concept of updating the master password at each of the plurality of 
computers wherein updating the master password file includes attaching a new master
password file to a message at a computer accessible by a systems administrator or security
officer encrypting the message containing the new master password file using a private key and 
pass phrase available only to the system administrator or security office transmitting the 
message to the plurality of computers decrypting the message at each computer using a public 
key corresponding to the private keys. However, Carter teaches inventive concept of updating 
the master password at each of the plurality of computers wherein updating the master 
password file includes attaching a new master password file to a message at a computer 
accessible by a systems administrator or security officer encrypting the message containing the 
new master password file using a private key and pass phrase available only to the system 
administrator or security office transmitting the message to the plurality of computers 
decrypting the message at each computer using a public key corresponding to the private keys 
(see fig 1-3, summary of the invention and col 7 lines 24-49, 10 lines 11-11 line 49).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the inventive concept of Funk combined with Keene to include 
Carter's inventive concept of updating the master password at each of the plurality of 
computers wherein updating the master password file includes attaching a new master 
password file to a message at a computer accessible by a systems administrator or security 
officer encrypting the message containing the new master password file using a private key and 
pass phrase available only to the system administrator or security office transmitting the 
message to the plurality of computers decrypting the message at each computer using a public 
key corresponding to the private keys because this would have provided greater security to the 
system by ensuring that only administrator and security officer are able to change password.

6. As per claim 2, Funk teaches a method wherein the associated privileges contained in the
encrypted password file indicate the security level and access privileges of the user identification 
for access to software, data and messages contained in the computer, the network, and 
transmitted over the network (see abstract, fig 2, column 4 lines 3-6 line 49).

7. As per claim 3, Funk teaches a method wherein when one or more attempts of the user
entering a user identification and encrypted password have failed to match the plurality of user 
identifications and encrypted passwords contained in the encrypted password file, the method 
further comprising: transmitting to a systems administrator or security officer by the computer a 
notification of the failure to provide a encrypted user identification and password that matches a 
user identification and encrypted password stored on the encrypted password file (see abstract,
fig 2, column 4 lines 3-6 line 49). 

8. As per claim 4, Funk teaches a method further comprising locking, upon request by the 
systems administrator or security officer, the computer being accessed by the user having at least 
one failed attempt at entering a user identification and encrypted password so as to permit only 
access to a login screen by the user (see abstract, fig 2, column 4 lines 3-6 line 49).

Application/Control Number: 09/589,747

Art Unit: 3621

9. As per claim 5, Funk teaches a method further comprising spoofing, upon request by the
systems administrator or security officer, the user into believing that the access has been gained
to the computer, wherein spoofing includes the presentation of false messages and information to
the user (see column 12 lines 20-64).

10. As per claim 6, Funk teaches a method further comprising disabling, upon request by the
systems administrator or security officer, the computer system so that the user cannot access the 
computer system (see column 8 lines 47-63). 

11. As per claim 7, Funk teaches a method further comprising deleting, upon request by the 
systems administrator or security officer, a plurality of files stored in the computer system (see 
abstract, fig 4, column 2 lines 12-46).

12. As per claim 8, Funk teaches a method further comprising displaying to a screen on the 
computer system a request for re-authentication at the direction of a system administrator or a 
security officer (see fig 2,3 column 4 lines 30-48).

13. As per claims 9, Funk teaches a method wherein the request for re-authentication 
comprises displaying a login screen having a position for entry of the user identification and 
password (see abstract, fig 2, column 4 lines 3-6 line 49). 

14. As per claims 10, Funk teaches a method wherein the user identification is a role or title 
indicative of a level of authority of the user (see fig 2,3 column 4 lines 30-48).

15. As per claims 11, Funk teaches a method further comprising accessing a master
password file on a computer system accessible by the systems administrator or security officer; 
encrypting the password; and searching the master password file for a match of the user 
identification and encrypted password (see abstract, fig 2, column 4 lines 3-6 line 49).

16. As per claims 12, Funk teaches a method further comprising disabling the computer 
system, or spoofing the user, or locking the computer system when a match is not found for the 
user identification and encrypted password in the master password file (see abstract, fig 2,
column 4 lines 3-6 line 49). 

17. As per claims 13, Funk teaches a method wherein after the user has entered the user 
identification and encrypted password and the user identification and password has matched 
that found in the encrypted password file, further comprising entering a new password by the 
user, re-authenticating the user identification and password stored on the master password file, 
encrypting the new password; and replacing the user identification and password with the 
encrypted user identification and the new encrypted password in the master password file (see
abstract, fig 2, column 4 lines 3-6 line 49).

18. As per claims 14, Funk teaches a method further comprising: attaching the master 
password file to a message, encrypting the message using a private key and passphrase available 
only to the systems administrator or security officer; and transmitting the message to the plurality 
of computers (see fig 4, column 5 lines 38-53, 6 lines 18-50).

19. As per claims 15, Funk teaches a method further comprising decrypting the message
using a public key corresponding to the private key; reporting to the system administrator or 
security officer a failure to decrypt the message; and replacing the encrypted password file with 
the decrypted master password file (see column 8 lines 47-63).

20. As per claims 16, Funk teaches a method further comprising detecting an anomalous 
event in a computer of the plurality of computers; and reporting the anomalous event to a system 
administrator or security officer (see column 12 lines 20-64).

21. As per claims 17, Funk teaches a method wherein the anomalous event comprise: the
user has exceeded the number of allowable unsuccessful login attempt: a change in the users
associated privileges has occurred, a system disable operation was initiated by the user; a user's
password has expired, a message was rejected due to an invalid digital signature, a request for 
remote user re-authentication has been received by the system administrator or security officer, 
a request for a remote user lockout has been received by the system administrator or security 
officer; and a request for remote loading passwords has completed successfully on the system 
administrator or security officer (see abstract, fig 2, column 4 lines 3-6 line 49).

22. As per claims 18, Funk teaches a method further comprising deleting a plurality of files 
on the computer and disabling the computer in response to an anomalous event when requested
by the system administrator or security officer or when an immediate shutdown is requested by
the user (see abstract, fig 2, column 4 lines 3-6 line 49).

23. As per claims 19, Funk teaches a method further comprising disabling the computer 
system, or spoofing the user, or locking the computer system when an anomalous event occurs 
(see abstract, fig 2, column 4 lines 3-6 line 49).

24. Claims 20, 21, 24-34, 36, 38-41 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Funk (U.S. Patent No. 5,721,779) in view of Keene et al (U.S. PG Pub No. 
2004/0049294) in further view of Jones (U.S. Patent No. 5,289,540). 

25. As per claims 20 and 31, Funk teaches a system to administer access and security on a 
network having plurality of computers comprising includes a one-way encrypted password file 
on each computer of the plurality of computers in the network, wherein the encrypted password 
file includes a plurality of user identifications, associated encrypted passwords and associated 
privileges for each authorized user allowed access to the plurality of computers and the network, 
a user login module to receive a user identification or role and password from a user and login 
the user when a match is found in the encrypted password file (see abstract, fig 2, column 4 
lines 3-6 line 49). Funk fails to teach a channel monitoring and filtering module to monitor and
receive broadcast c multicast messages within the network and display the message to the user 
when the user's associated privileges permit the viewing of the message. However, Keene et al 
teach a channel monitoring and filtering module to monitor and receive broadcast c multicast
messages within the network and display the message to the user when the user's associated
privileges permit the viewing of the message (see paragraph 007). Therefore, it would have
been obvious to one of ordinary skill in the art at the time the invention was made to modify the 
inventive concept of Funk to include Keene et al's channel monitoring and filtering module to 
monitor and receive broadcast c multicast messages within the network and display the 
message to the user when the user's associated privileges permit the viewing of the message 
because this would have provided controlled access to shared objects and documents in a 
database among approved users by individually defining the scope of their access to the data 
contained therein thereby displayed to the user as a document file having a redacted document, 
blocking out the information that the user is not privileged to see. The combination of Funk and 
Keene et al fail to teach an inventive concept of a remote auditing module operative to monitor 
and process anomalous events which may occur on the computer the anomalous events 
comprising a change in the users' associated privileges a system disable operation initiated by 
the user the expiration of a user's password the rejection of a message due to an invalid digital 
signature a request for remote user re-authentication received from the systems administrator 
or security officer a request for a remote user lockout received from the system administrator 
or security officer and successful completion of a request for remote loading passwords to a 
system administrator or security officer. However, Jones teaches inventive concept of a remote 
auditing module operative to monitor and process anomalous events which may occur on the 
computer the anomalous events comprising a change in the users' associated privileges a
system disable operation initiated by the user the expiration of a user's password the rejection
of a message due to an invalid digital signature a request for remote user re-authentication
received from the systems administrator or security officer a request for a remote user lockout
received from the system administrator or security officer and successful completion of a
request for remote loading passwords to a system administrator or security officer (see fig 4
and the related text). Therefore, it would have been obvious to one of ordinary skill in the art 
at the time the invention was made to modify the inventive concept of Funk combined with 
Keene to include Jones' inventive concept of a remote auditing module operative to monitor 
and process anomalous events which may occur on the computer the anomalous events 
comprising a change in the users' associated privileges a system disable operation initiated by
the user the expiration of a user's password the rejection of a message due to an invalid digital 
signature a request for remote user re-authentication received from the systems administrator 
or security officer a request for a remote user lockout received from the system administrator 
or security officer and successful completion of a request for remote loading passwords to a 
system administrator or security officer because this would have provided greater security to 
the system by ensuring that only administrator and security officer are able to load password to 
the system. 

26. As per claims 21 and 32, Funk teaches a system further comprising a password 
management module to update and insure that all the computers in the network contain the 
same encrypted password file (see column 8 lines 47-63).

27. As per claims 33, Funk teaches a system further comprising a remote auditing module to
monitor and process anomalous events which may occur on the computer (see abstract, fig 2,
column 4 lines 3-6 line 49).

28. As per claims 34, Funk teaches a system wherein the anomalous events comprise: the 
user has exceeded the number of allowable unsuccessful login attempts; a change in the users 
associated privileges has occurred, a system disable operation was initiated by the user; a user's 
password has expired, a message was rejected due to an invalid digital signature, a request for 
remote user re-authentication has been received by the systems administrator or security 
officer, a request for a remote user lockout has been received by the system administrator or 
security officer; and a request for remote loading passwords has completed successfully on the 
system administrator or security officer (see column 9 lines 8-63). 

29. As per claims 24 Funk teaches a system further comprises a remote control module to 
enable a systems administrator or security officer to take appropriate action when an event 
transpires, wherein the event is an anomalous event (see column 8 lines 47-63). 

30. As per claims 25 and 36, Funk teaches a system wherein the appropriate action 
comprises disabling, upon request by the systems administrator or security officer, the 
computer system so that the user cannot access the computer system; and deleting, upon 
request by a systems administrator or security officer, a plurality of files stored in the computer 
(see abstract, fig 2, column 4 lines 3-6 line 49).

31. As per claims 26, Funk teaches a system wherein the appropriate action comprises
spoofing, upon request by a systems administrator or security officer, the user into believing 
that the access has been gained to the computer, wherein spoofing includes the presentation of 
false messages and information to the user (see abstract, fig 2, column 4 lines 3-6 line 49). 

32. As per claims 27 and 38, Funk teaches a system wherein the appropriate action 
comprises: locking the computer, upon request of a systems administrator or security officer, 
and displaying a login screen for the user to re-authenticate the user identification and 
password (see abstract, fig 2, column 4 lines 3-6 line 49). 

33. As per claims 28 and 39, Funk teaches a system further comprising an authentication 
module to re-authenticate the user after the user login module has found a match in the 
encrypted password contained in the computer by checking the user identification and 
password against a master password file stored in a computer accessible by a systems 
administrator or security officer (see abstract, fig 2, column 4 lines 3-6 line 49). 

34. As per claims 29 and 40, Funk teaches a system wherein the password management 
module attaches a master password file containing a complete user identifications, associated 
encrypted passwords and associated privileges to a message, encrypts the message using a 
private key and pass phrase for the system administrator or security officer and broadcasts the 
message to all users (see abstract, fig 2, column 4 lines 3-6 line 49).

35. As per claims 30 and 41, Funk teaches a system wherein the password management
module decrypts the message using a public key associated with the private key, replaces the 
encrypted password file when decryption of the message is successful and reports a failure to 
the system administrator or security officer when the decryption is not successful (see abstract,
fig 2, column 4 lines 3-6 line 49). 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Firmin Backer whose telephone number is (571) 272-6703. The 
examiner can normally be reached on Mon-Thu 9:00 AM - 5:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James Trammell can be reached on (571) 272-6712. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).